Ola bug bounty

Security is no more a luxury but a necessity for startups.

Ola is finally willing to share its bounty with hackers

Zomato and Ola were hacked in June this year, putting data of above 50 million users at risk. Earlier Gaana. A first of its kind full-fledged bug bounty program in the Indian technology ecosystem, Ola has started inviting collaboration with researchers from around the world to help keep their product and technology infrastructure secure. Ola plans to investigate and do their best to fix the problem at the earliest.

What is more? Ola will reward users who find bugs in their software. Showing the way forward in security and reduction of vulnerability of new apps and websites, we encourage other startups to follow the trend and make the digital world a better place. Image Credit : Shutterstock. Mumbai taxis and autos go on strike against Ola, Uber, Meru. How has the coronavirus outbreak disrupted your life?

And how are you dealing with it? Write to us or send us a video with subject line 'Coronavirus Disruption' to editorial yourstory. By Team YS. Share on. Trending Now Trending Stories. Coronavirus: Mahindra Logistics launches free emergency cab services. From bicycles to billions: The inspiring refugee-entrepreneurs behind the iconic Hero Group.

Daily Capsule. Read Here. Latest Updates from around the world. Coronavirus: How Udaan is tackling delivery challenges amidst increased demands during lockdown.

Coronavirus: Meet the techies who joined hands to enable delivery of essentials.

ola bug bounty

Right market with sharp customer centricity will be next wave of fintech: Ishaan Mittal of Sequoia India. Our Partner Events Hustle across India.The OLA Security Bug Bounty Program is designed to encourage security researchers to find security vulnerabilities in OLA software and to reward those who help us create a safe and secure product for our customers and partners. If you believe you have found a security vulnerability in Ola software, we encourage you to let us know as soon as possible.

We will investigate the submission and if found valid, take necessary corrective measures. We request you to review our responsible disclosure policy as mentioned below along with rewards and reporting guidelines, before you report a security issue.

The information on this page is intended for security researchers interested in reporting security vulnerabilities to Ola security team. Go to the Report a Vulnerability link to report security issues related to our applications. Bounties are awarded based on the severity, impact, complexity and the awesomeness of the vulnerability reported and it is at the discretion of Ola Security Bug Bounty panel.

Apart from monetary benefits, vulnerability reporters who work with us to resolve security bugs in our products will be honored on the Hall of Fame page. Note that the list of out-of-scope targets is not exhaustive. This is an indicative list. Report a bug that could compromise the integrity of user data, circumvent the privacy protections of user data, or enable access to a system within our infrastructure.

Some of the reported issues, which carry low impact, may not qualify. Although we review them on a case-by-case basis, here are some of the common low-risk issues which typically do not earn a monetary reward or goodies:.

The Security Bug Bounty Program, including its policies, is subject to change or cancellation by Ola at any time, without notice. By continuing to participate in the Security Bug Bounty Program after Ola posts any such changes, you implicitly agree to comply with the updated Program Terms.

In the event you breach any of these Program Terms or the terms and conditions of Ola Security Bug Bounty program, Ola may immediately terminate your participation in the Security Bug Bounty Program and disqualify you from receiving any bounty payments. We shall not issue rewards to individuals who do not follow the guidelines of our Vulnerability Program and depending upon the action of an individual, we could take strict legal action. Don't be evil. Practice safe checks. Ola would like to thank the following people who have found security vulnerabilities in Ola products or services and have made a responsible disclosure to us.

Each name listed represents an individual who has responsibly disclosed one or more security vulnerabilities. Security Bug Bounty Program Information. Reporting security issues Go to the Report a Vulnerability link to report security issues related to our applications.

Please understand that due to high number of submissions, it might take some time to fix the vulnerability reported by you. Therefore, give us reasonable amount of time to respond to you with the fix, before you go public. Share the security issue in detail.

At times, we might ask for more information if required. Please be respectful with our existing applications, and we request you not to run test-cases which might disrupt our services. Do not use scanners or automated tools to find vulnerabilities. We also request you not to attempt attacks such as social engineering, phishing.

These kind of bugs will not be considered as valid ones, and if caught, might result in suspension of your account. Vulnerabilities made public before the fix are not eligible for bounty reward.Hacking is here for good, for the good of all of us. More Fortune and Forbes Global 1, companies trust HackerOne to test and secure the applications they depend on to run their business.

From implementing the basics of a vulnerability disclosure process to supercharging your existing security programs via a bug bounty program, HackerOne has you covered.

Ensure bugs found by security researchers, ethical hackers, or other external parties reach the right people in your organization. Capture the intelligence of our trusted community in a time-bound program that consistently outperforms traditional penetration testing.

Find out what makes our white hat hackers tick, why they do what they do, and how they benefit from bug bounty programs. Download the Hacker Report. Peter Yaworski is the author of Web Hackingis a full-time appsec engineer and part-time bug hunter. More security teams use HackerOne to manage vulnerability disclosure and bug bounty programs than any other platform. We use cookies to collect information to help us personalise your experience and improve the functionality and performance of our site.

By continuing to use our site, you consent to our use of cookies. For more information see our cookies policy. Hacker-Powered Security Report Get Started. Hack for Good Hacking is here for good, for the good of all of us. Get Started Learn More.

ola bug bounty

Register Now. HackerOne Solutions From implementing the basics of a vulnerability disclosure process to supercharging your existing security programs via a bug bounty program, HackerOne has you covered. Establish a compliant process for receiving and acting on vulnerabilities discovered by third-parties Ensure bugs found by security researchers, ethical hackers, or other external parties reach the right people in your organization. Improve your Pen Test results with a project-based vulnerability assessment program Capture the intelligence of our trusted community in a time-bound program that consistently outperforms traditional penetration testing.

In Their Words Hackers have become an essential part of our security ecosystem. Trusted Globally.Paytm Bug Bounty. Paytm is commited to security. We reward reporters for the responsible disclosure of in-scope issues and exploitation techniques. If you discover a bug, we appreciate your cooperation in responsibly investigating and reporting it to us so that we can address it as soon as possible.

Rewards Paytm Bug Bounty Program offers bounties for security software bugs which meet the following criteria. The bug has a direct security impact and falls under one of our Vulnerability Categories.

Rewards can only be credited to a Paytm wallet, KYC is mandatory. The minimum reward for eligible bugs is INR, Bounty amounts are not negotiable.

ola bug bounty

Multiple reports over time can be eligible for Hall of Fame or a digital certificate. In situations where a bug does not warrant a bounty, we may issue a digital certificate. Our certification process is multi-leveled: Standard Bronze Silver Gold Platinum Our Hall of Fame page recognizes the contributions of reporters who have demonstrated a high level of dedication to our program.

Acceptance requires multiple valid reports and remains at the discretion of our team. Eligibility Be the first to report the issue to us. Must pertain to an item explicitly listed under Vulnerability Categories. Must contain sufficient information including a proof of concept screenshot, video, or code snippet where needed.

You agree to participate in testing the effectiveness of the countermeasure applied to your report. You agree to keep any communication with Paytm private. Vulnerability Categories Vulnerability Type Comment 1. SQL injections 5. Server Side Request Forgery 6. Privilege Escalation 7. Local File Inclusion 8. Remote File Inclusion 9. Leakage of Sensitive Data Authentication Bypass Directory Traversal Payment Manipulation Remote Code Execution We will pay significantly 4 times more for vulnerabilities which would ultimately result in data leakages, authentication bypasses, code execution or payment manipulations.

Rules Don't violate the privacy of other users, destroy data, disrupt our services, etc.Over the past decade or so, the cybersecurity landscape has changed drastically and this has created a significant requirement for cybersecurity professionals along with new job roles.

In this article, we are going to understand what bug bounty hunter is and how you can get started with this job role.

A bug bounty hunter is an individual who knows the nuts and bolts of cybersecurity and is well familiar with finding bugs or flaws. Simply put, a bug bounty hunter tests applications and platforms and looks for bugs that sometimes even the in-house development team fails to spot.

Once spotting a bug, these professionals inform the company or the concerned body behind the application or the platform about the bug and in return, they get paid. The benefits are not always monetary. The concept of a bug bounty is not really new — however, in India, it has gained traction over the last decade.

The reason behind this is the fact when there is a huge number of hackers white hats are trying to find a bug, the chances are much higher than the problem would be sorted quickly and more easily.


Before jumping right into covering how you can get started as a bug bounty hunter, having a cybersecurity background or a significant knowledge of vulnerability assessment will be helpful.

However, it is not mandatory to be well-versed cybersecurity — there are many high-earning bug bounty hunters who are self-taught. Irrespective of the domain, this is the first and foremost thing one should do before jumping right into the getting started. Try to look for the trends in the bug bounty industry — what kind of platforms are involved, what are the methods that the hackers are using, tools involved etc.

This would give an idea about how you should move ahead to get started a bug bounty hunter. Cybersecurity is a vast topic, and one cannot master it just in a few days. When it comes to learning the nuts and bolts of vulnerability assessment, people either go for a short time approach or they either take a full-fledged training. However, it completely depends on you and how you want fast you want to learn. In order to learn, you can always prefer some of the sought after books from the domain:.

There are several other books that are available about bug bounty hunting, but the above three are considered to be one of the bests.

If you want to take things further, you can always join full-time cybersecurity training such as CEH. When you start to gain the knowledge you start directly with some bug bounty programs on the internet. One more method to learn the game is by reading POCs by other hackers or by watching tutorials on YouTube.

It is also considered to be one of the best ways to expand your knowledge. This is one of the most crucial things when it comes to practice vulnerability assessment or penetration testing. While training institutes provide you with the practice platform, it is tough for self-taught professionals. One cannot simply hack random websites or platforms on the internet as it is not legal.

So, it is always advised to set up a virtual system and try out your skills. Or one can even try practising on bug bounty programs itself. You have a look at all the previous years bug that were discovered, and the methods used.The perception of hacking in the country was pretty much non-existent up until the availability of affordable internet connectivity, and even then the perception remains pretty misguided.

Except for the tech-savvy, most individuals, parents or otherwise view the role of hacker as something purely malicious, going as far as labelling hacking skills as criminal tendencies. However, the job market tends to think ahead and think differently, especially when it comes to technology roles.

Even without the accompanying statistics, the need for cybersecurity personnel is evident in the number of leaks happening every single day. To get a basic understanding of the role, the name itself is quite self-explanatory. A bug bounty hunter looks for bugs in applications and platforms, which they later reveal to the company responsible and are compensated for the same.

Numerous companies run established bug bounty programs with predefined rewards. HackerOne is a platform that connects businesses with its community of cybersecurity researchers who work on finding bugs and breaches on their platforms. The Hacker Report from HackerOne outlines a lot of interesting facts about the role of a bug bounty hunter.

Sany mobile crane

Interestingly, India is also one of the leaders on the board in terms of bounty earned. Back inwhen Facebook released statistics pertaining to its own bug bounty program upon its five year anniversary, India topped the list of the number of payouts. In India, the job preference in the general populace leans heavily towards salaried roles. However, the report goes on to show that the top bounty salary earned by Indian hackers in the HackerOne community is about Looking at the reports mentioned earlier will make it clear that hackers can be self-taught, or skilled in a classroom, they can be experienced info-sec professionals doing this as a hobby, or students doing this for skill-development or just for fun on the side.

Since web remains the widest ground for potential bugs, it retains its top position as the most preferred target area, followed closely by network penetration testing. Social engineering is relatively new on the top five but has become increasingly relevant in recent years. Just like the skills and target areas, the tools and methodologies required to become a bug bounty hunter are also quite diverse.

Going by the preferred techniques, attack vectors and methods in the reports mentioned earlier as well as other sources, these are the top five areas to focus on:. Even though this is a top five, XSS has a massive lead going by numbers, followed next by SQL Injection, while the rest are also moderately popular.

Wiring dometic fridge

None of this will be of any use if you cannot practice. Bug hunting is different from writing code and developing applications.

Google classroom hacks reddit

To that end, practicing on vulnerable systems in a simulated environment is a great way to learn the chops. Here are a few examples that will come in handy:. While each company might have its own guidelines for bug reports, it helps if the report is precise, includes ample evidence of the bug without being misleading and also helps them resolve the issue as quickly as possible.

ola bug bounty

Broadly, any bug report should have these features:. Email us to clear any doubts!

Dc3 operating costs

Digit caters to the largest community of tech buyers, users and enthusiasts in India. The all new Digit in continues the legacy of Thinkdigit.

Digit is also one of the most trusted names when it comes to technology reviews and buying advice and is home to the Digit Test Lab, India's most proficient center for testing and reviewing technology products.

We are about leadership-the 9. Building a leading media company out of India. And,grooming new leaders for this promising industry. Feature Story tech. How to become a bug bounty hunter.Today we launched our public bug bounty program at Uber. Embarking on a new bug bounty program can be difficult; it takes time for security researchers to learn the systems, the architecture, and the types of vulnerabilities likely to be lurking.

There are many moving parts that make up the service we call Uber. Peruse this short list of our public-facing services for some information about how they work along with some bug hunting tips for each. Tons of functionality is exposed here—everything from finding nearby drivers to splitting trips with your friends. This API exposes the largest attack surface of any service here at Uber. What to look for: Much like our external API, cn. Keep in mind that you should only ever perform this testing against accounts you own failure to do so could result in removal from the program, which nobody wants!

What it runs on: Because this service acts as a gateway proxy to many of our services, frameworks and languages vary. What it does: This is where partners enter bank information and their national ID number so that 1 they can get paid for their work and 2 we can run them through our screening process. What to look for: The name of this site alone should excite many bug hunters to hack here.

Any web or access control vulnerabilities are very high-risk issues and will receive appropriate payout.

We are especially interested in vulnerabilities that could allow an attacker to bypass the SMS verification system for modifying Vault information for a partner account. What it does: Uber for Business lets businesses manage rides for their employees conveniently. What to look for: In addition to the regular web vulnerability concerns, any vulnerability that would allow for a limited employee account to perform an administrator-only action is a concern.

For example, if an employee is able to change organizational settings without being an administrator, we need to catch that.

Hack for Good

What it does: Uber driver partners visit this website to manage their account information. Sensitive information—private driver documents, payment statements, tax information—lives here.

How to add gliden64 to project 64

What it does: This external API allows people to build awesome apps that interact with Uber in creative ways. Our major concerns for the API revolve around proper access restrictions. Third-party apps should only be able to access Uber account information if the user has consented to it.

thoughts on “Ola bug bounty

Leave a Reply

Your email address will not be published. Required fields are marked *